Well Microsoft outdid themselves this time. They screwed up by saying they had screwed up when really they hadn’t (maybe). And in that screw-up screw-up lies a tale and more importantly a lesson.

Yesterday Microsoft released a putative set of patches to correct various security issues in their Office X and Office 2004 product suites for the Mac. These patches were supposed to address two serious security issues, including one talked about here recently. Today, however, Microsoft said they were wrong about their screw-up. Or, maybe, just wrong about the way they tried to fix their screw-up. Regardless, they unreleased the patches by removing them from their Web site. And they also recommended that anyone who installed the patches should uninstall them, although they didn’t say how to do so.

The moral of this story, which we’ve mentioned both here and in our book, is that it’s not easy to figure out exactly when to install updates, be they from Microsoft, Apple (who has had similar, although much less serious, problems) or anyone else. In general security updates should be installed fairly quickly after they’re released, but still, for most of us, not immediately. And today’s screw-up screw-up makes it clear why: sometimes companies’ “cures” are worse than their “diseases,” and sometimes there might not have even been a disease in the first place.

So how do you know when to install which updates? That’s a very difficult question, especially since most security updates are very important. Our book recommends monitoring discussion groups to see what “early adopters” experiences are, and then deciding. An additional recommendation we’re going to add: look at the track record of the update publisher in deciding how long to wait. We know we certainly won’t be installing any Microsoft patches any time soon!

As an interesting footnote to this whole issue, it’s appropriate to note the disclaimer at the end of Microsoft’s notice about their screw-up screw-up:

*This posting is provided "AS IS" with no warranties... *

In other words, you can’t really be sure their screw-up screw-up isn’t... a screw-up :O What would we do without Microsoft!